Topic: [solved] Unable to authenticate VPN connection from Ubuntu client

[jarthurs]

I'm trying to establish a VPN connection from an Ubuntu 12.04 desktop to a remote SME Server 9.1.

I've setup the remote router to pass PPTP direct to the server IP. The server has 1 PPTP client under Remote Access settings and the users credentials I'm using have VPN access enabled. On the Ubuntu end I've set up VPN connection under Network Connections with the username and password. I'm getting an authentication error that both MS-CHAP and CHAP have failed. Question is what am I missing?

sudo tail -f /var/log/syslog

Feb  3 13:37:23 Hemmingway NetworkManager[1111]: <info> Starting VPN service 'pptp'...
Feb  3 13:37:23 Hemmingway NetworkManager[1111]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 4975
Feb  3 13:37:23 Hemmingway NetworkManager[1111]: <info> VPN service 'pptp' appeared; activating connections
Feb  3 13:37:23 Hemmingway NetworkManager[1111]: <info> VPN plugin state changed: init (1)
Feb  3 13:37:23 Hemmingway NetworkManager[1111]: <info> VPN plugin state changed: starting (3)
Feb  3 13:37:23 Hemmingway NetworkManager[1111]: <info> VPN connection 'Merralls' (Connect) reply received.
Feb  3 13:37:23 Hemmingway pppd[4979]: Plugin /usr/lib/pppd/2.4.5/nm-pptp-pppd-plugin.so loaded.
Feb  3 13:37:23 Hemmingway pppd[4979]: pppd 2.4.5 started by root, uid 0
Feb  3 13:37:23 Hemmingway pppd[4979]: Using interface ppp0
Feb  3 13:37:23 Hemmingway pppd[4979]: Connect: ppp0 <--> /dev/pts/1
Feb  3 13:37:23 Hemmingway NetworkManager[1111]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Feb  3 13:37:23 Hemmingway NetworkManager[1111]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Feb  3 13:37:23 Hemmingway pptp[4982]: nm-pptp-service-4975 log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Feb  3 13:37:23 Hemmingway pptp[4992]: nm-pptp-service-4975 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Feb  3 13:37:23 Hemmingway pptp[4992]: nm-pptp-service-4975 log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Feb  3 13:37:23 Hemmingway pptp[4992]: nm-pptp-service-4975 log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Feb  3 13:37:24 Hemmingway pptp[4992]: nm-pptp-service-4975 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Feb  3 13:37:24 Hemmingway pptp[4992]: nm-pptp-service-4975 log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Feb  3 13:37:24 Hemmingway pptp[4992]: nm-pptp-service-4975 log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 640).
Feb  3 13:37:25 Hemmingway pppd[4979]: MS-CHAP authentication failed:
Feb  3 13:37:25 Hemmingway pppd[4979]: CHAP authentication failed
Feb  3 13:37:25 Hemmingway pppd[4979]: Connection terminated.
Feb  3 13:37:25 Hemmingway NetworkManager[1111]: <warn> VPN plugin failed: 1
Feb  3 13:37:25 Hemmingway NetworkManager[1111]:    SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Feb  3 13:37:25 Hemmingway pptp[4982]: nm-pptp-service-4975 warn[decaps_hdlc:pptp_gre.c:204]: short read (-1): Input/output error
Feb  3 13:37:25 Hemmingway pptp[4982]: nm-pptp-service-4975 warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log
Feb  3 13:37:25 Hemmingway pptp[4992]: nm-pptp-service-4975 log[callmgr_main:pptp_callmgr.c:234]: Closing connection (unhandled)
Feb  3 13:37:25 Hemmingway pptp[4992]: nm-pptp-service-4975 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
Feb  3 13:37:25 Hemmingway pptp[4992]: nm-pptp-service-4975 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
Feb  3 13:37:25 Hemmingway NetworkManager[1111]: <warn> VPN plugin failed: 1
Feb  3 13:37:25 Hemmingway pppd[4979]: Exit.
Feb  3 13:37:25 Hemmingway NetworkManager[1111]: <info> VPN plugin state changed: stopped (6)
Feb  3 13:37:25 Hemmingway NetworkManager[1111]: <info> VPN plugin state change reason: 0
Feb  3 13:37:25 Hemmingway NetworkManager[1111]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Feb  3 13:37:25 Hemmingway NetworkManager[1111]: <info> Policy set 'Wired connection 1' (eth0) as default for IPv4 routing and DNS.
Feb  3 13:37:30 Hemmingway NetworkManager[1111]: <info> VPN service 'pptp' disappeared

Help!

[Stefano]

What about SME's logs?

[jarthurs]

What about SME's logs?

I finally managed to gain access to the Radius log and saw, 'Error: [mschap] Invalid LM-Password'. So I went back and checked the VPN setup and it all seemed fine, but then I realised the keyboard mapping on the Ubuntu machine is non-UK and one of the punctuation characters wasn't the same as the UK mapping so it was indeed the wrong password all along.

All now configured fine and much easier to administer from a distance! Now I might try VPN Bridge...

Thanks,
Jason.

[Stefano]

you are welcome

[ReetP]

I finally managed to gain access to the Radius log and saw, 'Error: [mschap] Invalid LM-Password'. So I went back and checked the VPN setup and it all seemed fine, but then I realised the keyboard mapping on the Ubuntu machine is non-UK and one of the punctuation characters wasn't the same as the UK mapping so it was indeed the wrong password all along.

I know that feeling with English and Spanish and different keyboards

All now configured fine and much easier to administer from a distance! Now I might try VPN Bridge...

The quicker you can use something more secure and dump PPTP the better ! The OpenVPN contribs are good, but they take a little while to get your head round with certificates etc. But worth the effort. OpenVPN routed is good for 'dial in' VPN.

I do have a pretty reasonably working IPSEC contrib too if you want to play some time (better for router-router/server-server static connections)

B. Rgds
John

B. Rgds
John